Archive

I recently came across an interesting scenario at one of the most prestigious UK public sector organizations (without saying any names). I found that during Office 365 Hybrid Configuration, someone had prepended the domain validation hash token to the existing SPF TXT record instead of creating a new TXT record.

I did find that they had good reason to do so as the DNS servers used for public DNS were so antiquated they did not support multiple TXT records for the same domain. Adding the domain validation token text to the SPF TXT allowed the hybrid configuration to be set up but broke the SPF record.

To correct the SPF record as I advised, the ‘Change Advisory Board’ required authoritative confirmation direct from the horse’s mouth, i.e., Microsoft, that removing the domain validation token from the SPF TXT record would not have any desirable effect on the hybrid configuration.

Although I had full knowledge that the domain validation token had no purpose after the federation trust had been set up, I obtained the required official authoritative confirmation from an ex-colleague at Microsoft. Yes, I did work at Microsoft quite recently, until April 2014).

Therefore, having had this official confirmation, I spell it out for those of you who are still unsure. The domain validation TXT records can be safely removed after the federation trust has been set up. This is not known to have any undesirable effects on the hybrid configuration or the federation trust.